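#!/bin/bash
# Simple SSH brute-force mitigation.
#
# Counts failed SSH logins per source address in /var/log/secure and
# regenerates /etc/hosts.deny with one "sshd:<ip>:deny" line for every
# address whose failure count reaches the threshold.
#
# Usage: <script> [threshold]        (threshold defaults to 20)
#
# Notes for operators:
#   - /etc/hosts.deny is rewritten from scratch on every run, so entries
#     maintained by hand in that file are not preserved.
#   - hosts.deny is only honoured when sshd is built with TCP wrappers
#     (libwrap) support -- verify this on the target system.
#   - The work files below are relative to the current directory; since the
#     script must run as root to write hosts.deny, run it from a directory
#     that only root can write to.

logfile='./sshfail.log'
dengip='./dengip.txt'
host_deny='/etc/hosts.deny'
auth_log='/var/log/secure'
fznum=${1:-20}

# The threshold ends up in a numeric comparison, and bash evaluates such
# operands as arithmetic expressions, so accept plain digits only.
if ! [[ $fznum =~ ^[0-9]+$ ]]; then
  printf 'usage: %s [threshold]\n' "${0##*/}" >&2
  exit 2
fi
fznum=$((10#$fznum)) # force base 10 so "08" is not parsed as octal

# Refuse to touch hosts.deny when the auth log cannot be read; otherwise a
# missing or unreadable log would silently clear every existing block.
if [[ ! -r $auth_log ]]; then
  printf '%s: cannot read %s; %s left unchanged\n' \
    "${0##*/}" "$auth_log" "$host_deny" >&2
  exit 1
fi

{
  echo "---------------------------------------------------------"
  date +"%y-%m-%d %H:%M:%S"
  echo "---------------------------------"
} >> "$logfile"

# Per-source failure counts, one "token=count" line each. The token is the
# 4th field from the end of the log line, which is where sshd puts the
# client address in "Failed ... from <addr> port <n> ssh2".
awk 'NF > 3 && /Failed/ && /ssh2/ { print $(NF-3) }' "$auth_log" \
  | sort \
  | uniq -c \
  | awk '{ print $2 "=" $1 }' > "$dengip"
cat -- "$dengip" >> "$logfile"

# Parts of an sshd log line (e.g. the user name) are chosen by the remote
# client, so the extracted token is not guaranteed to be an address. Only
# tokens shaped like a dotted-quad IPv4 address are written to hosts.deny;
# anything else is skipped (it is still visible in the dump appended to
# $logfile above). IPv6 sources are skipped as well: the plain
# "sshd:<addr>:deny" form cannot express them because ':' separates fields.
ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
blocked=()
while IFS='=' read -r ip num; do
  [[ $num =~ ^[0-9]+$ ]] || continue
  ((10#$num >= fznum)) || continue
  [[ $ip =~ $ipv4_re ]] || continue
  blocked+=("$ip")
done < "$dengip"

# Write the complete file in one step, only after parsing succeeded, so the
# window in which hosts.deny is empty is as short as possible.
if ! {
  echo '#'
  for ip in "${blocked[@]}"; do
    echo "sshd:${ip}:deny"
  done
} > "$host_deny"; then
  printf '%s: cannot write %s\n' "${0##*/}" "$host_deny" >&2
  exit 1
fi

# Report the blocked addresses on stdout, one per line.
for ip in "${blocked[@]}"; do
  printf '%s\n' "$ip"
done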
